Attackers are continuously evolving, becoming more sophisticated and destructive. If you fall victim to a phishing email, the median time for an attacker to access your private data is just 1 hour and 12 minutes.
Microsoft tracks over 35 ransomware families and more than 250 unique nation-state attackers, cybercriminals, and other actors. Our unparalleled threat intelligence processes more than 43 trillion signals per day, including 2.5 billion daily endpoint queries, and we block 921 password attacks every second. We collaborate with over 15,000 partners in our security ecosystem and have a dedicated team of more than 8,500 engineers, researchers, data scientists, cybersecurity experts, threat hunters, geopolitical analysts, investigators, and frontline responders across 77 countries. We integrate human and machine intelligence with built-in AI to continuously learn from the attack landscape, and our dedicated Microsoft Offensive Research and Security Engineering (MORSE) team works to stop threats before they reach your device. This comprehensive approach is integral to delivering a more secure Windows with every release.
“Because Microsoft designed the security model of Windows 11 from the ground up to assume that some component has already been compromised, threat actors will find it orders of magnitude more difficult to remain undetected [and persist] in the environment than in traditional architectures.” – SANS Institute.
Protection that Evolves with the Threat Landscape
Today, we are proud to announce that the security features highlighted in April 2022 are now available on Windows 11.
Application Control
We’ve introduced features that provide flexibility in choosing applications while maintaining tight security. Smart App Control is a new feature designed to prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools. This feature uses AI to create a model based on 43 trillion daily security signals to predict if an app is safe. Although app control is one of the most effective malware protection approaches, it can be complex to deploy. Windows 11 leverages AI to generate a continuously updated app control policy, allowing common and known safe apps to run while blocking unknown apps often associated with new malware. Smart App Control is built on the same OS core capabilities used in Windows Defender Application Control and is available on all Windows client editions with clean installations of the Windows 11 2022 Update. For enterprises, IT teams can use Microsoft Intune with Windows Defender Application Control to remotely apply policies controlling what apps run on workplace devices.
Vulnerable Driver Protection
Malware increasingly targets drivers to exploit vulnerabilities, disable security agents, and compromise systems. Windows 11 uses virtualization-based security (VBS) for enhanced kernel protection against potential threats. Hypervisor-protected code integrity (HVCI), also known as memory integrity, is enabled by default on all new Windows 11 devices. HVCI uses VBS to run kernel-mode code integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel, helping to prevent attacks that attempt to modify kernel-mode code such as drivers. The Microsoft vulnerable driver block list is another important safeguard against advanced persistent threats and ransomware attacks that exploit known vulnerable drivers. Starting with the 2022 Update, the block policy is enabled by default for all new Windows computers, and users can opt in to enforce the policy from the Windows Security app.
Enhanced Identity Protection and Simplified Password Management
Windows 11 enhances data protection and secure hybrid work with the latest advanced security features. Windows Defender Credential Guard, enabled by default with Windows 11 Enterprise, uses hardware-backed, virtualization-based security to protect against credential theft techniques such as pass-the-hash or pass-the-ticket. Enhanced phishing protection in Microsoft Defender SmartScreen detects and warns users when they enter passwords into known compromised apps or websites, and promotes good credential hygiene by warning users against reusing passwords or storing them in unsafe locations. Windows Hello for Business provides a passwordless authentication experience, using unique identifiers such as face, fingerprint, or PIN, bound to the device for secure single sign-on across computer and cloud services.
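An added example (not from the original post and not Microsoft's own tooling): a read-only PowerShell check of whether the protections described in the sections above (Smart App Control, memory integrity, the vulnerable driver block list, Credential Guard) are actually active on a device. The CIM class and registry value names are not given on this page and are assumed here to be the standard Windows locations; the function name is hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated session.
function Get-Win11HardeningStatus {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard reports VBS state and which VBS-backed services are running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    # Helper: return a registry value, or $null when the key or value is absent.
    function Get-RegValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    # Value-to-meaning maps (assumed from Windows documentation, not from this page).
    $vbsStates = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $sacStates = @{ 0 = 'Off'; 1 = 'On (enforcing)'; 2 = 'Evaluation' }

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
    $running = @()
    if ($dg) { $running = @($dg.SecurityServicesRunning) }

    $ci        = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI'
    $blocklist = Get-RegValue "$ci\Config" 'VulnerableDriverBlocklistEnable'
    $sac       = Get-RegValue "$ci\Policy" 'VerifiedAndReputablePolicyState'

    # A missing class or value is reported as unknown rather than as "off".
    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        VbsStatus              = if ($dg) { $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus] }
                                 else { 'Unknown (DeviceGuard class unavailable)' }
        CredentialGuardRunning = $running -contains 1
        MemoryIntegrityRunning = $running -contains 2
        DriverBlocklist        = if ($null -eq $blocklist) { 'Not configured' }
                                 elseif ([int]$blocklist -eq 1) { 'Enforced' }
                                 else { 'Disabled' }
        SmartAppControl        = if ($null -eq $sac) { 'Unknown (value absent)' }
                                 else { $sacStates[[int]$sac] }
    }
}

Get-Win11HardeningStatus | Format-List
```

A device that reports `MemoryIntegrityRunning : False` or a block list that is not enforced is one where the defaults described above do not apply, for example an upgraded rather than new installation.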
Locking Down IT Policy and Compliance
Config lock, available only on Secured-core PCs, helps prevent configuration drift by monitoring registry keys and reverting to the IT-desired Secured-core state when a drift is detected. This feature builds on the security fundamentals of Windows 11 and is secured by specific hardware features.
Ongoing Innovation to Improve Security for All
We continue to enhance security from chip to cloud, emphasizing the benefits of modern devices optimized for security and hybrid work. Secured-core PCs with Windows 11 offer advanced firmware protection and other safeguards. The Microsoft Pluton security processor, designed in collaboration with our silicon partners, integrates into the CPU's silicon, providing protection for sensitive assets and receiving security updates directly from the cloud through Windows updates.
Microsoft is committed to a secure future, with a USD 20 billion investment in security research and development over five years. We are dedicated to continuously improving Windows' foundational security to help you thrive now and in the future.